package com.baosight.risk.common.filter;

import com.baosight.risk.common.utils.ShiroUtils;
import com.baosight.risk.common.utils.StringUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.springframework.stereotype.Component;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Slf4j
public class MyFilter extends AccessControlFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest ret, ServletResponse resp, Object o) throws IOException {
        HttpServletRequest request = (HttpServletRequest) ret;
        HttpServletResponse response = (HttpServletResponse) resp;

        String url = request.getRequestURL().toString();
        if (url.contains("loginCompany") || url.contains("getCompany") || url.contains("buapxLogin") || url.contains("CasSso") || url.contains("getUser")) {
            return true;
        }
        if (ShiroUtils.getUser() == null || StringUtils.isNull(ShiroUtils.getUser().getUserCode())) {
            response.setStatus(401);
            return false;
        }
        return true;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest ret, ServletResponse response) throws Exception {
        return true;
    }
}
